Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.

nginx-unificontroller.conf

# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. 
# The unifi default port is 8443 running on localhost. 

# License: CC0 (Public Domain)

server {
        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name unifi.hostname.com;

        # Needed to allow the websockets to forward well.
        # Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
        location /wss/ {
                proxy_pass https://localhost:8443;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_read_timeout 86400;
        }

        location / {
                proxy_pass https://localhost:8443/; # The Unifi Controller Port
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        }

        # Unifi still internally uses its own cert. This was converted to PEM and
        # is trusted for the sake of this proxy. See here for details:
        # https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670
        ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;

        ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}

server {
        listen 80;
        listen [::]:80;

        server_name unifi.hostname.com;

        location / {
                return 301 https://$host$request_uri;
        }
}

I took the original and added this line to the location /wss/ section and it seems to work.
proxy_set_header Origin '';

This also worked for me. The errors in the user interface disappeared. The return code in Nginx changed from 404 to 101 (Switching protocol).

This solved it also for me :) Thx!

Hi, I found myself wanting to do this for putting the Unifi controller inside an iFrame to use with HomeAssistant.

To add it into the iFrame you need to set a few additional headers into both the location /wss/ and location / parts of the nginx conf.

Here they are:

# Headers required for unifi to work
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Content-Type-Options;
proxy_cookie_path / "/; secure; SameSite=none";
add_header X-Frame-Options "ALLOWALL";

hi to all, i configure them, but open a white paga without any error.
location /wss/ {
proxy_pass https://192.168.1.5:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
proxy_pass https://192.168.1.5:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";

}